Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-11 07:39:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/drivers/usb/gadget
History
Andrzej Pietrasiewicz f0f42204d0 usb: gadget: fix NULL pointer dereference 
Fix possible NULL pointer dereference introduced in
commit 219580e (usb: f_fs: check quirk to pad epout
buf size when not aligned to maxpacketsize)

In cases we do wait with:

wait_event_interruptible(epfile->wait, (ep = epfile->ep));

for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:

usb_ep_align_maybe(gadget, ep->ep, len)

which in turn dereferences it.

This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-20 09:17:23 -06:00
..
acm_ms.c
usb: gadget: fix up some comments about CONFIG_USB_DEBUG
2013-12-20 09:51:24 -06:00
amd5536udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
amd5536udc.h
usb: gadget: amd5536udc: remove unused structure member
2013-03-18 11:16:56 +02:00
at91_udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
at91_udc.h
usb: gadget: at91_udc: add usb_clk for transition to common clk framework
2013-08-02 15:17:03 +03:00
atmel_usba_udc.c
ARM: SoC cleanups for 3.14
2014-01-23 18:36:55 -08:00
atmel_usba_udc.h
USB: gadget: atmel_usba: add DT support
2013-05-24 07:14:45 +08:00
audio.c
usb: gadget: remove usb_gadget_controller_number()
2012-09-10 16:43:24 +03:00
bcm63xx_udc.c
usb: gadget: bcm63xx_udc: fix build failure on DMA channel code
2014-02-18 10:34:54 -06:00
cdc2.c
usb: gadget: cdc2: fix conversion to new interface of f_ecm
2013-09-17 10:38:52 -05:00
composite.c
usb: gadget: should use u16 type variable to store MaxPower
2013-12-19 09:27:43 -06:00
config.c
usb: gadget: always update HS/SS descriptors and create a copy of them
2012-10-31 15:09:44 +02:00
configfs.c
usb: gadget: configfs: include appropriate header file in configfs.c
2013-12-19 09:27:42 -06:00
configfs.h
usb: gadget: configfs: add a method to unregister the gadget
2013-10-01 09:50:22 -05:00
dbgp.c
usb: gadget: allocate & giveback serial ports instead hard code them
2013-01-21 20:52:43 +02:00
dummy_hcd.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
epautoconf.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
ether.c
usb: gadget: ether: put_usb_function on unbind
2013-07-25 20:35:23 +03:00
f_acm.c
usb: acm gadget: Null termintate strings table
2013-08-30 11:10:36 -07:00
f_ecm.c
usb: gadget: f_ecm: remove compatibility layer
2013-12-12 13:43:36 -06:00
f_eem.c
usb: gadget: f_eem: Staticize eem_alloc
2013-09-17 11:06:50 -05:00
f_fs.c
usb: gadget: fix NULL pointer dereference
2014-02-20 09:17:23 -06:00
f_hid.c
usb: gadget: factor out alloc_ep_req
2013-11-26 13:41:32 -06:00
f_loopback.c
usb: gadget: f_loopback: Fix sparse warning
2013-12-17 13:17:42 -06:00
f_mass_storage.c
usb: gadget: f_mass_storage: Fix sparse warning
2013-12-17 13:17:43 -06:00
f_mass_storage.h
usb: gadget: f_mass_storage: remove compatibility layer
2013-10-10 10:24:53 -05:00
f_midi.c
usb: gadget: factor out alloc_ep_req
2013-11-26 13:41:32 -06:00
f_ncm.c
usb: gadget: f_ncm: Fix sparse warning
2013-12-17 13:17:43 -06:00
f_obex.c
usb: gadget: f_obex: Fix sparse warning
2013-12-17 13:17:43 -06:00
f_phonet.c
usb: gadget: f_phonet: Fix sparse warning
2013-12-17 13:17:44 -06:00
f_rndis.c
usb: gadget: rndis: merge u_rndis.ko with usb_f_rndis.ko
2013-12-12 13:43:38 -06:00
f_serial.c
usb: gadget: f_serial: Fix sparse warning
2013-12-17 13:17:44 -06:00
f_sourcesink.c
usb: gadget: f_sourcesink: Fix sparse warning
2013-12-17 13:17:44 -06:00
f_subset.c
usb: gadget: f_subset: remove compatibility layer
2013-12-12 13:43:37 -06:00
f_uac1.c
usb: gadget: f_uac1: Staticize local functions
2013-08-09 16:34:19 +03:00
f_uac2.c
USB: gadget: f_uac2: Fix broken prm to uac2 mapping
2013-06-10 17:10:23 +03:00
f_uvc.c
Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
2013-07-13 12:09:57 -07:00
f_uvc.h
usb: gadget: uvc: Fix coding style issues introduced by SS support
2013-03-18 11:18:18 +02:00
fotg210-udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
fotg210.h
usb: gadget: add Faraday fotg210_udc driver
2013-06-10 17:58:11 +03:00
fsl_mxc_udc.c
usb: gadget: use dev_get_platdata()
2013-07-30 11:18:46 +03:00
fsl_qe_udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
fsl_qe_udc.h
usb: gadget: Complete fsl qe/udc driver conversion
2012-06-12 13:32:29 +03:00
fsl_udc_core.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
fsl_usb2_udc.h
usb: gadget: fsl_mxc_udc: replace MX35_IO_ADDRESS to ioremap
2013-01-18 14:08:21 +02:00
functions.c
usb: gadget: add a forward pointer from usb_function to its "instance"
2013-01-21 20:52:46 +02:00
fusb300_udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
fusb300_udc.h
usb: gadget: fusb300_udc: add FUSB300_EPSET0_STL_CLR for clearing EP0 stall
2013-04-02 16:57:24 +03:00
g_ffs.c
usb: gadget: g_ffs: convert to new interface of f_fs
2013-12-12 13:43:39 -06:00
g_zero.h
usb: gadget: f_sourcesink: add configfs support
2013-11-26 13:47:41 -06:00
gadget_chips.h
usb: gadget: remove usb_gadget_controller_number()
2012-09-10 16:43:24 +03:00
gmidi.c
usb: gadget: consider link speed for bMaxPower
2013-01-10 12:38:52 +02:00
goku_udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
goku_udc.h
usb: gadget: goku_udc: let udc-core manage gadget->dev
2013-03-18 11:16:45 +02:00
gr_udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
gr_udc.h
usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC
2013-12-23 19:26:13 -06:00
hid.c
usb: gadget: use dev_get_platdata()
2013-07-30 11:18:46 +03:00
inode.c
Merge git://git.kvack.org/~bcrl/aio-next
2013-09-13 10:55:58 -07:00
Kconfig
usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC
2013-12-23 19:26:13 -06:00
lpc32xx_udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
m66592-udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
m66592-udc.h
usb: gadget: m66592-udc: convert to udc_start/udc_stop
2013-01-24 21:11:29 +02:00
Makefile
usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC
2013-12-23 19:26:13 -06:00
mass_storage.c
usb: gadget: mass_storage: convert to new interface of f_mass_storage
2013-10-10 10:24:10 -05:00
multi.c
usb: gadget: fix up some comments about CONFIG_USB_DEBUG
2013-12-20 09:51:24 -06:00
mv_u3d_core.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
mv_u3d.h
usb: gadget: mv: Add USB 3.0 device driver for Marvell PXA2128 chip.
2012-06-22 13:08:21 +03:00
mv_udc_core.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
mv_udc.h
usb: gadget: mv_udc_core: remove unused clock
2013-04-02 11:42:45 +03:00
ncm.c
usb: gadget: ncm: convert to new function interface
2013-06-10 17:12:52 +03:00
ndis.h
net2272.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
net2272.h
net2280.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
net2280.h
nokia.c
usb: gadget: nokia: fix error recovery path for optional functions
2013-12-17 13:17:41 -06:00
omap_udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
omap_udc.h
pch_udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
printer.c
usb: gadget: printer: using gadget_is_otg to check otg support at runtime
2014-02-20 09:17:22 -06:00
pxa25x_udc.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
pxa25x_udc.h
usb: gadget: pxa25x_udc: convert to udc_start/udc_stop
2013-01-24 21:11:31 +02:00
pxa27x_udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
pxa27x_udc.h
usb: gadget: pxa27x_udc: convert to udc_start/udc_stop
2013-01-24 21:11:31 +02:00
r8a66597-udc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
r8a66597-udc.h
gadget/r8a66597: remove conditional compilation of clk code
2012-07-30 17:25:12 -07:00
rndis.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
rndis.h
usb: gadget: rndis: init & exit rndis at module load/unload
2013-06-10 17:58:09 +03:00
s3c2410_udc.c
usb: gadget: s3c2410_udc: Fix build error
2014-02-18 10:34:04 -06:00
s3c2410_udc.h
usb: gadget: s3c2410: convert to udc_start/udc_stop
2013-01-24 21:11:32 +02:00
s3c-hsotg.c
usb: gadget: s3c-hsotg: remove duplicated include from s3c-hsotg.c
2014-01-07 16:30:10 -08:00
s3c-hsotg.h
usb: gadget: s3c-hsotg: get phy bus width from phy subsystem
2013-12-23 14:31:49 -06:00
s3c-hsudc.c
usb: gadget: add "maxpacket_limit" field to struct usb_ep
2013-12-17 13:17:41 -06:00
serial.c
usb: gadget: serial: convert to new interface of f_obex
2013-04-03 14:43:36 +03:00
storage_common.c
usb: gadget: storage_common: pass filesem to fsg_store_cdrom
2013-10-15 06:52:08 -05:00
storage_common.h
usb: gadget: mass storage: fix return of delayed status
2013-11-25 10:56:33 -06:00
tcm_usb_gadget.c
usb: gadget: tcm_usb_gadget: mark bot_cleanup_old_alt static
2013-11-25 11:19:41 -06:00
tcm_usb_gadget.h
usb: gadget: make sure each gadget is using same index for Product, Serial,…
2012-09-10 16:13:00 +03:00
u_ecm.h
usb: gadget: f_ecm: add configfs support
2013-06-10 17:27:54 +03:00
u_eem.h
usb: gadget: f_eem: add configfs support
2013-06-10 17:58:00 +03:00
u_ether_configfs.h
usb: gadget: add helpers for configfs support for USB Ethernet
2013-06-10 17:15:43 +03:00
u_ether.c
usb: gadget: update some out of date comments
2013-11-26 10:58:17 -06:00
u_ether.h
usb: gadget: f_rndis: remove compatibility layer
2013-12-12 13:43:37 -06:00
u_f.c
usb: gadget: factor out alloc_ep_req
2013-11-26 13:41:32 -06:00
u_f.h
usb: gadget: factor out alloc_ep_req
2013-11-26 13:41:32 -06:00
u_fs.h
usb: gadget: FunctionFS: add configfs support
2013-12-12 13:43:40 -06:00
u_gether.h
usb: gadget: f_subset: add configfs support
2013-06-10 17:58:08 +03:00
u_ncm.h
usb: gadget: f_ncm: add configfs support
2013-06-10 17:15:02 +03:00
u_phonet.h
usb: gadget: f_phonet: remove compatibility layer
2013-06-10 17:31:55 +03:00
u_rndis.h
usb: gadget: rndis: merge u_rndis.ko with usb_f_rndis.ko
2013-12-12 13:43:38 -06:00
u_serial.c
usb: gadget: u_serial: fix typo which cause build warning
2013-03-14 12:47:53 +02:00
u_serial.h
usb: gadget: nokia: use function framework for ACM
2013-04-03 14:43:20 +03:00
u_uac1.c
usb: gadget: u_uac1: add __user annotation
2013-08-09 16:34:13 +03:00
u_uac1.h
udc-core.c
usb: gadget: udc-core: Do not report -EISNAM error from gadgetfs
2013-10-04 09:44:43 -05:00
usbstring.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
uvc_queue.c
usb: gadget: uvc: Fix error handling in uvc_queue_buffer()
2013-08-09 17:40:54 +03:00
uvc_queue.h
usb: gadget/uvc: Port UVC webcam gadget to use videobuf2 framework
2013-04-02 11:42:48 +03:00
uvc_v4l2.c
usb: gadget/uvc: Add support for 'get_unmapped_area' for MMUless architectures
2013-04-02 11:42:49 +03:00
uvc_video.c
usb: gadget/uvc: Port UVC webcam gadget to use videobuf2 framework
2013-04-02 11:42:48 +03:00
uvc.h
[media] f_uvc: add v4l2_device and replace parent with v4l2_dev
2013-06-21 11:04:47 -03:00
webcam.c
usb: gadget: consider link speed for bMaxPower
2013-01-10 12:38:52 +02:00
zero.c
Linux 3.13-rc4
2013-12-19 09:18:53 -06:00